MUMC v01.06.0001 Unquoted Search Path SYSTEM code exec
CVE-2026-26033 Published on March 5, 2026

UPS Multi-UPS Management Console (MUMC) version 01.06.0001 (A03) contains an Unquoted Search Path or Element (CWE-428) vulnerability, which allows a user with write access to a directory on the system drive to execute arbitrary code with SYSTEM privileges.

NVD

Weakness Type

Unquoted Search Path or Element

The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. If a malicious individual has access to the file system, it is possible to elevate privileges by inserting such a file as "C:\Program.exe" to be run by a privileged program making use of WinExec.

Affected Versions

Dell Inc. UPS Multi-UPS Management Console (MUMC) Version 01.06.0001 (A03) is affected by CVE-2026-26033

Exploit Probability

EPSS

0.01%

Percentile

2.57%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

MUMC v01.06.0001 Unquoted Search Path SYSTEM code execCVE-2026-26033 Published on March 5, 2026

Weakness Type

Unquoted Search Path or Element

Affected Versions

Exploit Probability

MUMC v01.06.0001 Unquoted Search Path SYSTEM code exec
CVE-2026-26033 Published on March 5, 2026